REMARKS/ARGUMENTS

This Amendment is being filed in response to the final Official Action of November 1, 
2005. The final Official Action continues to reject all of the pending claims of the application, 
namely Claims 1-18, under 35 U.S.C. § 102(e) as being anticipated by U.S. Patent No. 6,775,772
to Binding et al. Now, however, the final Official Action further rejects Claims 1 and 2 under 35
U.S.C. § 112, first paragraph, alleging that the specification of the present application fails to
support amendments to those claims presented in response to the first Official Action. More
particularly, the final Official Action alleges that the specification of the present application fails 
to support the limitation "at least a portion of at least some of the network protocol packets being 
configured in accordance with a transport layer protocol or a network layer protocol." As 
explained below, Applicant again respectfully submits that independent Claims 1, 2 and 3, and 
by dependency Claims 4-18, are patentably distinct from the Binding patent; and accordingly 
traverse this rejection of the claimed invention. Further, Applicant respectfully submits that the 
specification does in fact support the aforementioned limitation. Nonetheless, Applicant has 
amended paragraph 24 of the specification of the present application to correct an inadvertent 
typographical error, amending an instance of reference number 408 to correctly refer to number 
406. In view of the amendment to the specification and the remarks presented herein, Applicant 
respectfully requests reconsideration and allowance of all of the pending claims of the present 
application. Alternatively, as neither the amendment to the specification nor the remarks 
presented herein raise any new issues and do not introduce any new matter, Applicant 
respectfully requests entry of this correspondence for purposes of narrowing the issues upon 
appeal. 

A. Claims 1 and 2 are Supported by the Specification 

As indicated above, the final Official Action alleges that the specification of the present 
application does not support the following limitation of Claims 1 and 2: "at least a portion of at 
least some of the network protocol packets being configured in accordance with a transport layer 
protocol or a network layer protocol." To the contrary, however, Applicant respectfully submits 
that the specification does in fact support the aforementioned limitation. In this regard, as 
disclosed in the specification at paragraph 24 and with reference to FIGS. 3 and 4, a network
protocol packet 204 may include a network protocol header 402 and network protocol data 404.
The network protocol data in turn may include a first cryptographic protocol header 406 and a
first plurality of encrypted data 408. In one disclosed example embodiment, the cryptographic
protocol header 406 may comprise a TCP header, which is well known to those skilled in the art
as a transport layer protocol. See Wikipedia, Transmission Control Protocol - Wikipedia, the
Free Encyclopedia (last modified Dec. 29, 2005)
<http://en.wikipedia.org/...> (explaining that "TCP does the
task of the transport layer in the simplified OSI model of computer networks."). In another
example embodiment, the cryptographic protocol header 406 may comprise an ESP header, 
which as is well known to those skilled in the art, is a network layer protocol. See Wikipedia, 
IPSec - Wikipedia, the Free Encyclopedia (last modified Nov. 2, 2005) 
<http://en.wikipedia.org/wiki/IPSec> (explaining that the IPSec standard includes the ESP
protocol, which operates at layer 3 - i.e., the network layer - of the OSI model). 

Applicant therefore respectfully submits that at least at paragraph 24 and FIGS. 3 and 4, 
the specification of the present application discloses a cryptographic protocol header (i.e., a
portion of a network protocol packet) being configured in accordance with TCP (i.e., a transport 
layer protocol) or ESP (i.e., a network layer protocol). Accordingly, Applicant also respectfully 
submits that the specification of the present application does in fact include the aforementioned 
limitation of Claims 1 and 2; and that the rejection of Claims 1 and 2 under 35 U.S.C. § 112, first
paragraph, is overcome. 

B. Claims 1-18 are Patentable 

As explained in response to the first Official Action, the Binding patent discloses a 
piggy-backed key exchange protocol for providing low-overhead browser connections from a 
client to a server using a trusted third party. According to one disclosed scenario implementing 
the disclosed system, a client and server do not have a common message encoding scheme with 
one another. However, each of the client and server does share an encoding scheme with a 
trusted third party (TTP), M1 representing the encoding scheme between the client and TTP, and
M2 representing the encoding scheme between the TTP and server. In accordance with this
disclosed scenario, the client sends the server a common HTTP message (e.g., HTTP GET) that
includes security-sensitive parameters encrypted using scheme M1. The server, determining that
it cannot process the encrypted parameters, encrypts the encrypted parameters using scheme M2,
and forwards the further-encrypted parameters to the TTP. Being configured to process
messages encrypted with either scheme M1 or scheme M2, the TTP decrypts the further-encrypted
parameters using scheme M2, and then decrypts the encrypted parameters using
scheme M1, the decryption steps resulting in cleartext parameters.

Further in accordance with the Binding patent, after obtaining the cleartext parameters, 
the TTP re-encrypts the cleartext parameters using scheme M2, and forwards the re-encrypted 
parameters to the server. The server decrypts the re-encrypted parameters using scheme M2 to 
similarly obtain the cleartext parameters, from which the server creates the content requested by 
the client. The server then encrypts the requested content using a new encryption scheme M3,
thereafter returning, to the client, the encrypted content as well as meta-information describing
scheme M3. The client uses the meta-information to determine how to decrypt the requested
content, and accordingly decrypts the requested content using scheme M3. 

The present application presents a system and method for providing network security. As 
recited by independent Claim 1, a method for providing network security includes receiving a 
plurality of network protocol packets (e.g., IP packets). A network protocol packet includes a 
network protocol header (e.g., IP header) and a plurality of network protocol data, which
includes a first cryptographic protocol header (e.g., TCP header) and a first plurality of encrypted 
data (e.g., SSL data). At least a portion of some of the network protocol packets are configured 
in accordance with a transport layer protocol (e.g., TCP/UDP) or a network layer protocol (e.g., 
IP). As also recited, a first plurality of cryptographic protocol rules (e.g., WTLS rules) 
associated with the network protocol data is determined, with a cryptographic session being 
established if required by the first cryptographic rules. The first plurality of cryptographic
protocol rules are applied to the first encrypted data to obtain a first plurality of cleartext data 
(e.g., WML data). The first plurality of cleartext data is translated into a second plurality of 
cleartext data (e.g., HTML data) in accordance with at least one translation rule. The second 
plurality of cleartext data is then encrypted in accordance with at least one rule associated with a
second cryptographic protocol (e.g., HTTP over SSL), resulting in a second plurality of
encrypted data.

Generally, in contrast to the claimed invention's handling of security at the transport 
layer (e.g., TCP/UDP) or the network protocol layer (e.g., IP), the Binding patent provides a 
system and method for providing security at the application layer (e.g., HTTP), while in the 
claimed invention the security is handled on transport protocol layer (TCP/UDP) or on network 
protocol layer (IP). More particularly, in contrast to the method of independent Claim 1, the
Binding patent does not teach or suggest performing cryptographic operations (i.e., determining
cryptographic rules, establishing a cryptographic session, applying the cryptographic rules, etc.)
based on network protocol packets at least a portion of some of which are configured in
accordance with a transport layer protocol or a network layer protocol. In addition, the Binding
patent does not teach or suggest translating a first plurality of cleartext data into a second
plurality of cleartext data, as also recited by independent Claim 1.

1. Network Protocol Packets

As indicated above, in contrast to independent Claim 1, the Binding patent does not teach
or suggest performing cryptographic operations based on network protocol packets at least a 
portion of some of which are configured in accordance with a transport layer protocol or a 
network layer protocol. In this regard, the Binding patent discloses that transport-based security 
protocols such as WTLS (see Claim 6) and SSL (see Claim 9) are ineffective in environments 
having transcoders and gateways that must inspect and thereafter modify some
non-security-sensitive sections of a data stream. As also disclosed, to enable an intermediary to perform
content modifications, end-to-end security must be provided at the application layer. Binding
Patent, col. 3, lines 3-24. Accordingly, the Binding patent discloses a system and method that
establishes and maintains end-to-end security sessions at the application layer, while maintaining 
the integrity of an application-layer protocol and avoiding adding amounts of communication 
and message exchanges. Id. at col. 4, lines 9-14. More particularly, as indicated above, the
Binding patent discloses that a client piggy-backs security-sensitive parameters onto
application-layer message headers, such as common HTTP message (e.g., HTTP GET) headers. In contrast,
the claimed invention recites that at least a portion of some of the received network protocol
packets are configured in accordance with a transport layer protocol (e.g., TCP/UDP) or a
network layer protocol (e.g., IP). Thus, whereas the Binding system operates at the application
layer of the OSI model protocol stack, the claimed invention operates at the transport layer or
network layer of the protocol stack. 

2. Cleartext Translation

In further contrast to independent Claim 1, the Binding patent does not teach or suggest
translating a first plurality of cleartext data (e.g., associated with WML) into a second plurality 
of cleartext data (e.g., associated with HTML) in accordance with at least one translation rule. 
The Official Action cites column 15, lines 52-59 of the Binding patent as disclosing this feature
of the claimed invention. In this regard, as explained in response to the first Official Action, the 
cited passage of the Binding patent discloses a TTP encrypting security-sensitive parameters 
using scheme M2, where a server from which a client requested content later decrypts the 
parameters and uses them to create the requested content that can then be encrypted and provided 
to the client. The Binding patent therefore discloses creating requested content based upon 
security-sensitive parameters. The Binding patent does not disclose, however, translating a first 
plurality of cleartext data into a second plurality of cleartext data. More particularly, even if it 
could reasonably be suggested that the disclosed security-sensitive parameters and requested 
content correspond to a first and second plurality of cleartext data, respectively, the Binding 
patent cannot reasonably be interpreted to disclose, teach or suggest translating the
security-sensitive parameters into the requested data, as recited by the claimed invention.

In response to the foregoing remarks, the final Official Action alleges that any form of 
decoded data being re-encrypted, and then again decoded to second decoded data, as disclosed 
by the Binding patent, meets the respective limitation. In the aforementioned instance, the first 
decoded data is the same as the second decoded data. In the claimed invention, however, the 
first plurality of cleartext data is translated to a second plurality of cleartext data that is different 
from the first cleartext data. Applicants note that the claims of the present application do not 
explicitly recite that the first and second plurality of cleartext data are different, but the typical
meaning of the recited term "translating" and logic dictate such an interpretation. In this regard,
the term "translating" is well understood to those skilled in the art as meaning to change from
one form to another. In fact, even in the cited passage of the Binding patent, each instance of
translating or encoding/decoding involves those steps being performed to move the data from
one form (encoded/decoded) to another (the other of encoded/decoded). The entire sequence,
however, does not translate data from one form to another. Moreover, if the first and second
plurality of cleartext data were interpreted as the same plurality of cleartext data, the claims
would illogically be interpreted as reciting "translating the plurality of cleartext data into the
plurality of cleartext data." 

Applicant therefore respectfully submits that the method of independent Claim 1, and by
dependency Claims 4-11, is patentably distinct from the system and method of the Binding
patent. Applicant also respectfully submits that independent Claims 2 and 3, and by dependency
Claims 12-18, recite subject matter similar to that of independent Claim 1. For example,
independent Claim 2 recites that at least a portion of at least some of the received network
protocol packets are configured in accordance with a transport layer protocol or a network layer
protocol. Also, for example, independent Claim 3 recites obtaining first cleartext data based
upon first encrypted data, translating the first cleartext data into second cleartext data, and 
encrypting the second cleartext data to obtain second encrypted data. As such, Applicant 
respectfully submits that independent Claims 2 and 3, and by dependency Claims 12-18, are 
patentably distinct from the Binding patent for at least those reasons explained above with 
respect to independent Claim 1.

C. Dependent Claims 6 and 9 

In addition to the aforementioned reasons, Applicant respectfully submits that various 
ones of dependent Claims 4-11 recite features that are further patentably distinct from the system
and method of the Binding patent. For example, dependent Claims 6 and 9 further recite that the 
first and second cryptographic protocols comprise WTLS and SSL over HTTP, respectively. As 
will be appreciated, and as explained in the Binding patent, WTLS and SSL are both
transport-layer security protocols. As also explained by the Binding patent, however, such protocols have
drawbacks in certain environments, which the Binding patent seeks to overcome by establishing 
and maintaining end-to-end security sessions at the application layer. Thus, although the 
Binding patent does disclose the existence of the WTLS and SSL protocols, the Binding patent 
teaches away from their use by implementing its disclosed application-layer security system and 
method. 

Applicant therefore respectfully submits that Claims 1-18 are patentably distinct from the 
Binding patent. Accordingly, Applicant also respectfully submits that the rejection of
Claims 1-18 under 35 U.S.C. § 102(e) as being anticipated by the Binding patent is overcome.

CONCLUSION

In view of the amendment to the specification and the remarks presented above, 
Applicant respectfully submits that the present application is in condition for allowance. As 
such, the issuance of a Notice of Allowance is therefore respectfully requested. In order to 
expedite the examination of the present application, the Examiner is encouraged to contact 
Applicant's undersigned attorney in order to resolve any remaining issues. As explained above,
no new matter or issues are raised by this Amendment, and as such, Applicant alternatively
respectfully requests entry of this Amendment for purposes of narrowing the issues upon appeal.

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 

Respectfully submitted, 



Andrew T. Spence
Registration No. 45,699 